Our CEO Kevin Mandia, CSO Steve Booth, intelligence authority Sandra Joyce, cloud guru Martin Holste and aviation expert Christopher Porter take a view from the top on subjects as diverse (yet synergistic) as nation states' offensive capabilities, the vulnerabilities of the cloud, the widening skills gap and the continuing threat from ever more devious executions of social engineering.

A vastly increasing number of enterprises are moving their data to the cloud, and whether you view it as more or less secure, this is where the attackers are going too. This makes it imperative that you ask the right questions, not only of your cloud vendors but also, looking inward, of your organization: its business model, infrastructure, resources, employee behaviors and your own hunches.

Hostile activity by nation states is on the increase, not only in volume but also in the diversity of emerging actors and their motives. For example, the Chinese Belt and Road development strategy involving infrastructure development and investments in Europe, Asia and Africa is anticipated to drive new cyber threat activity. Regime-sponsored or endorsed activity originating in Iran uses social media to influence audiences around the world on the country's politics. And the North Korean regime is increasingly leveraging the country's cyber criminal capability as international sanctions hit harder. In the meantime, Russia continues to extend its activities with a number of motives.

Aviation is also covered in the report as a particular sector which faces varied, multilateral threats. There has long been speculation around whether it is possible to hack an aircraft. The Department of Homeland Security claims that technically, it is possible. In reality, however, it's unlikely. The more realistic cyber threats to the sector – which are actually happening today – include espionage committed against manufacturers of both military and civil aircraft and their components, data and financial theft from operators and ticket sellers, and ransomware attacks against airports with the objective of either disruption or financial extortion.

In cases such as the latter, it would not be unreasonable for passengers to be 'spooked' by such high-profile hostile activity, which in turn impacts revenues and reputation.

In addition to the above and other trending threats, the report describes how the tactics, techniques and procedures traditionally used by APT groups and other organized cyber crime gangs are still reaping success for their perpetrators as levels of sophistication are added in order to evade detection and prevention:

As alluded to elsewhere in this issue of The Vision, email is still the most prevalent initial attack vector, representing the point of entry for 91% of attacks. Here, we have observed an increase in the use of password-protected malicious attachments to feign authenticity, and in CEO and business email compromise fraud activity. SIM card spoofing – effectively bypassing 2FA – is also on the rise. Financial and espionage actors alike are making increased use of open-source malware as well as exploiting legitimate internet services for command and control (C2) purposes.

For this issue of The Vision we have cherry-picked some topics of interest. The report itself contains considerably more detail on these and many more trends for 2019 and beyond.